
The Problem With Windows 8's Picture Password

Posted by timothy
from the guy-with-a-video-camera-also-a-threat dept.
alphadogg writes "The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. 'It's cute,' says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. 'I don't think it's serious security.' The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance — making it relatively easy to compromise, he says."
  • Video?! (Score:5, Interesting)

    by Anonymous Coward on Thursday December 22, 2011 @06:38PM (#38465718)
    Just look at the greasy finger marks
    • Re:Video?! (Score:5, Interesting)

      by pclminion (145572) on Thursday December 22, 2011 @06:42PM (#38465780)

      Right. Because other than logging in, nobody ever touches the screen of their touchscreen device. Furthermore, typing a password on a touchscreen keyboard doesn't leave smudges that could be seen by anyone... Come on dude.

      I actually have a BUILD tablet (the ones MS handed out in September) and I use the picture login. It keeps the tablet private enough for my purposes. Of course, my password is to simply triple-tap on a particular spot on the image, so it doesn't leave a grease trail that stands out, particularly.

      • Re:Video?! (Score:4, Insightful)

        by Electricity Likes Me (1098643) on Thursday December 22, 2011 @07:35PM (#38466272)

        It's not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.

        • Re:Video?! (Score:5, Informative)

          by pruss (246395) on Thursday December 22, 2011 @11:05PM (#38467848)

          There is still the question of getting the swipes in the right order.

          When I wrote a PictureLogin beta app for Palms (back in 2007; no, it's not prior art for the MS patent, as it was tap-only rather than swipe), I made PictureLogin act as a quick login screen, with an immediate fallback to the default passkey login if it failed. It would be very unlikely an attacker would get in on the first try, but it would allow users to have a very fast login with as few as two taps, or maybe even with only one if one was willing to take a risk. That would also help with the fingerprint problem. I think I was also thinking about some security-by-obscurity options, such as a user using some fake form as their PictureLogin image, so that someone who stole or found the device would not know that it's actually a PictureLogin login screen. You turn it on, and you see some normal Palm screen. You tap once or twice in the right place(s) and you're in, and you tap even once in the wrong place and fall back. I never got around to a full release of PictureLogin, though the code is open source.

        • Re:Video?! (Score:5, Interesting)

          by mysidia (191772) * on Thursday December 22, 2011 @11:07PM (#38467858)

          It's not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.

          So don't just have them tap on parts of a photo. Present a display showing 255 photos, each arranged into a little icon. And ask the user to "touch" the right icon.

          Once they've touched the first photo, show another display of 254 more photos, the photo they picked before can no longer be picked.

          After the user's chosen four different photos, from four disjoint lists of 255 photos, show a fifth photo that is algorithmically derived from their previous two choices.

          Their previous four choices combined with the points on the photo they select form a password that is much more secure than what the average person uses and can remember as a password.

          There are at least 255 * 254 * 253 * 252 (4 billion) possible choices of photos they can pick, if the order of selection matters, and then after you add the unique points they chose on the fifth photo.

          You have a password that is much better than the person's daughter's name, or their middle name + phone number.

      • Re:Video?! (Score:4, Insightful)

        by Anonymous Coward on Thursday December 22, 2011 @08:07PM (#38466568)

        As someone who has owned several touch-screen devices over the last decade, I've noticed that it's a common occurrence for the oil on fingers to accumulate in a tell-tale trail on the screen if you're often swiping a particular pattern. It's the primary reason I switched to a numeric pin rather than the pattern-based authentication on my Android phone. Doesn't seem to happen with taps as it does with swiping.

      • Re:Video?! (Score:5, Informative)

        by peragrin (659227) on Thursday December 22, 2011 @08:09PM (#38466590)

        You must not use finger touch tablets very often.

        I can always tell when someone plays a certain game on my phone, iPad, or Nook Color. Why? Because the oil streaks have a pattern to them. Certain games leave specific patterns. You may not know which is the beginning, but if 1/3 of the screen doesn't have any oil on it then those parts are ones you don't have to think about.

        Take a standard password of 12 keys. Now with a glance eliminate 75 out of 101 keys on the keyboard. It becomes a whole lot easier to brute force now.

      • by Mia'cova (691309)

        That's why many of the gestures are directional. Compared to a pin, it's much better. And a 4-6 digit pin on a phone/ipad/etc is definitely the main comparison here.

      • The smudge of an unlock pattern is pretty easy to spot, which is why I very quickly went back to using a pin on my Android.

        If you don't believe me, start looking at other people's Androids and you'll pretty quickly find a way in.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        I take it you haven't tilted your touchscreen to see the smooth path that is worn in at the most used points on the screen.

        This is a problem with Android's pattern lock and the screen protector film overlays.

        Over time, the film develops a smoothness along the path where your finger glides in order to trace out the lock pattern.

        Guessing someone's lock pattern is as simple as tilting the device to make light reflect in a way that reveals the differences in roughness on the screen protector film.

    • Re:Video?! (Score:5, Insightful)

      by adonoman (624929) on Thursday December 22, 2011 @06:46PM (#38465808)
      Even in the worst-case scenario where the computer was used for nothing but logging in with the picture password, the math works out that it's still more reliable than the 4-digit pin that many other devices use.
      • Re:Video?! (Score:5, Interesting)

        by hawguy (1600213) on Thursday December 22, 2011 @07:13PM (#38466068)

        Even in the worst-case scenario where the computer was used for nothing but logging in with the picture password, the math works out that it's still more reliable than the 4-digit pin that many other devices use.

        I'm not so sure I trust the math, since the math is only part of the equation. (no pun intended...well, maybe it was)

        They claim that a 3 tap password has 2.7M combinations, but that's only true if each of the coordinates on the screen was equally likely to be tapped.

        But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.

        Likewise, instead of a single line resulting in 1,949 unique gestures, in reality there are only 6 likely candidates. (and I bet most of the time if I draw the line from the face of the guy holding the dog's leash to the dog, then I'll have guessed correctly)

        Sure, someone may decide to tap on the lower left corner of the blank wall to make their passcode more secure, but the average person will probably stick with the faces.

        • You'd need to do some studies to see how non-uniform combination probabilities are. Asserting without proof that most people will choose easy-to-guess gestures is just as fallacious as just giving the number of unique combinations (which does not change) without discussing the underlying probability distribution.
          • by KlomDark (6370)

            Why did my mental voice suddenly shift to a low monotone when I read that?

          • Re: (Score:2, Informative)

            by Anonymous Coward

            without proof that most people will choose easy-to-guess gestures is just as fallacious as just giving the number of unique combinations

            Considering the amount of evidence out there proving that, left to their own devices, a large majority of people already use easily guessable passwords (NYT [nytimes.com], 2011 Worst Password Study [mashable.com], and on, and on...), this isn't a stretch at all.
            In fact, your non-logic deserves a spanking considering how easy a simple web-search is on this subject. Try a little harder next time.

        • But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.

          In that case... don't choose a photo of 2 people and a dog.

          What you're saying is "This system has very poor security, if they choose the pictures poorly and each picture has very few probable combinations". Pretty obvious answer is: Don't choose such pictures. I'd guess that before they choose a picture for this purpose, they do some testing on what kind of patterns people use and discard the pictures where there is too little distribution. Of course, users may always use the most obvious pattern and the

          • by hawguy (1600213) on Thursday December 22, 2011 @08:26PM (#38466710)

            But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.

            In that case... don't choose a photo of 2 people and a dog.

            What you're saying is "This system has very poor security, if they choose the pictures poorly and each picture has very few probable combinations". Pretty obvious answer is: Don't choose such pictures. I'd guess that before they choose a picture for this purpose, they do some testing on what kind of patterns people use and discard the pictures where there is too little distribution. Of course, users may always use the most obvious pattern and they might be able to choose a picture themselves and use too simple a picture... but users can also choose very stupid passwords.

            That's my point exactly - in the lab, I'm sure this is a very secure system and can be made to be much more secure than a traditional passphrase. But in the real world, people see security as something that gets in the way, so they choose something easy to use, not something secure, so this ends up being not any more secure than any other system.

            • by neokushan (932374)

              MS addressed the insecure picture idea in one of their blog posts. It's insecure if you have only one or two points of interest, but with 3 or more the security goes up quite a bit because each of the POIs has numerous things that can be attributed to them - taps, swipes from one to another in either direction and different sizes of circles. Then you have to get the order right on top of that. Yes, there are other issues for sure (Smudges, etc.) but the points of interest one isn't actually that bad.

        • Re:Video?! (Score:5, Informative)

          by Mia'cova (691309) on Thursday December 22, 2011 @08:22PM (#38466692)

          The math used for comparison typically assumes that there are 10 points of interest in an image. Obviously there's a range depending on the image but most have at least 10. Just don't use Japan's flag as your image and you should be okay. Since lines are directional, when you say 6 likely candidates for lines, that works out to three points of interest: A->B, A->C, B->A, B->C, C->A, C->B. So that really isn't true at all.

          The meaty bit at the end of their math is this: "Assuming the average image has 10 points of interest, and a gesture sequence length of 3, there are 8 million possible combinations, making the prospect of guessing the correct sequence within 5 tries fairly remote."

          The table at the bottom is good to look through.
          http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx [msdn.com]

          Bottom line, for 3 gestures on a typical image, 8 million > [10,000 to 1,000,000] (possibilities for a 4 to 6-digit pin, the valid comparison for this)
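A toy calculation of the search-space figures traded in this thread (hawguy's uniform-versus-obvious-POI objection, Mia'cova's 10 POIs x 3 gestures = 8 million, and mysidia's 255-photo menu), added here as an example; it is not Microsoft's published model and not any commenter's code. The gesture categories, the circle_sizes=5 calibration and the "3 obvious POIs" figure are my assumptions.

```python
"""Toy model of the Windows 8 picture-password search space.

Added example for this thread, not Microsoft's published model.  Assumptions:
  * an image offers n_poi points of interest (POIs);
  * one gesture is a tap on a POI, a directional line between two distinct
    POIs, or a circle on a POI with 2 directions and `circle_sizes` sizes;
  * a password is an ordered sequence of seq_len gestures (repeats allowed);
  * for the "uniform" count every gesture is equally likely, which is exactly
    the assumption hawguy questions.
circle_sizes=5 is chosen so that 10 POIs and 3 gestures give 200**3 = 8 million,
the figure Mia'cova quotes; that is a calibration of this toy model, nothing more.
"""
from itertools import permutations
from math import perm


def directional_lines(labels):
    """All ordered pairs of distinct POIs: A->B and B->A count separately."""
    return [f"{a}->{b}" for a, b in permutations(labels, 2)]


def gestures_per_step(n_poi, circle_sizes=5):
    """Distinct single gestures available on an image with n_poi POIs."""
    taps = n_poi
    lines = n_poi * (n_poi - 1)           # same as len(directional_lines(...))
    circles = n_poi * 2 * circle_sizes    # clockwise/anticlockwise x sizes
    return taps + lines + circles


def sequence_space(n_poi, seq_len=3, circle_sizes=5):
    """Number of ordered gesture sequences under the uniform model."""
    return gestures_per_step(n_poi, circle_sizes) ** seq_len


def pin_space(digits):
    """Search space of an all-numeric PIN of the given length."""
    return 10 ** digits


def ordered_photo_picks(pool=255, picks=4):
    """mysidia's scheme: `picks` photos chosen in order, the pool shrinking by one each time."""
    return perm(pool, picks)


def guess_probability(space, tries=5):
    """Chance that `tries` distinct uniform guesses include the right sequence
    (5 is the attempt limit quoted in the thread)."""
    return min(1.0, tries / space)


def compare(n_likely_poi=3):
    """hawguy's objection in numbers: if the photo lets an attacker narrow the
    search to n_likely_poi obvious POIs (assumed: "2 people and a dog"), the space
    shrinks from the advertised figure.  Returns (advertised, reduced, pin4, pin6)."""
    return (sequence_space(10), sequence_space(n_likely_poi),
            pin_space(4), pin_space(6))


if __name__ == "__main__":
    adv, red, p4, p6 = compare()
    print(f"10 POIs, 3 gestures (uniform):   {adv:>14,}  P(5 tries)={guess_probability(adv):.2e}")
    print(f"3 obvious POIs, 3 gestures:      {red:>14,}  P(5 tries)={guess_probability(red):.2e}")
    print(f"4-digit PIN / 6-digit PIN:       {p4:>14,} / {p6:,}")
    print(f"255-photo menu, 4 ordered picks: {ordered_photo_picks():>14,}")
    print("directional lines for 3 POIs:", directional_lines("ABC"))
```

Under these assumptions the count drops by two orders of magnitude when the attacker can narrow the image to three obvious POIs, yet still exceeds a 4-digit PIN, which is the nuance the two comments above are arguing past each other about.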

        • You should go read the follow up post on the Building Windows 8 blog. It covers a lot of the probabilities assuming 1, 2, 5, or 10 points of interest in a picture.
    • Re:Video?! (Score:5, Insightful)

      by rsborg (111459) on Thursday December 22, 2011 @08:08PM (#38466582)

      Just look at the greasy finger marks

      You know, the OS could mitigate this quite easily by moving around the picture, reorienting or rotating it. This would eliminate the benefit of muscle-memory, but allow it to be more secure.

      • Re:Video?! (Score:4, Insightful)

        by KlomDark (6370) on Thursday December 22, 2011 @08:21PM (#38466682)

        Yeah, you can do that on a computer with a REAL screen, not those little iToys that all the cool kids have to carry around with them these days.

        Can't wait for this fad to die down a bit so we can quit hearing all these retarded stories about "The Desktop Computer is DOOOOOOMMMEEEDD!" all the time.

        Sure, it's eventually doomed, but not for a long time still. There are so many things that I do on a triple headed desktop that I would never want to attempt on a mobile or pad. (Coding, taxes, etc.) And some things are more convenient on a mobile device. (Driving directions, reading the news over lunch, etc.)

        CricKet MessageMate II WTF! ;)

      • Re:Video?! (Score:4, Interesting)

        by cbhacking (979169) <been_out_cruising-slashdot@@@yahoo...com> on Thursday December 22, 2011 @10:34PM (#38467684)

        The portion of the picture that is shown for Picture Password is cropped and moved around the screen, specifically to mitigate a "smudge attack".

      • Actually no. They considered this in the follow up blog post. Turns out it gets easier to spot patterns that way because of the relative position of multiple smudges. So you can isolate the password pattern from normal use easily.

    • by swalve (1980968)
      Or they could do what non-idiotic security systems have been doing forever, and mix up the order of the pictures each time. Or use three pictures, and use a different pool of pictures for each "keypress". Once a user selects their first image, the screen redraws and displays a new set of pictures to choose from.
    • by Maow (620678)

      Just look at the greasy finger marks

      I wish my Android swipe-unlock-pattern would present itself at different locations on the screen so the unlock swipe pattern would be more randomised.

      Hey, I should patent that!

  • by Anpheus (908711) on Thursday December 22, 2011 @06:40PM (#38465746)

    Surely an accomplished individual like him could put out a serious paper on why picture passwords aren't good security, if they aren't. The math seemed alright in the Microsoft blog, so I don't know what the problem is.

    Oh, I know what it is, he's the head of a company that offers alternative security products that use multi-factor authentication. *Of course* well implemented multi-factor auth is more secure than single-factor, but if he weren't in charge of a company trying to sell a product, would this article even exist? Probably not.

  • In other news (Score:5, Insightful)

    by Anrego (830717) * on Thursday December 22, 2011 @06:41PM (#38465758)

    The lock on your diary offers little protection from a skilled locksmith; most can be opened with a simple bent piece of metal.

    If you have someone following you around with cameras trying to capture your login info to use later when they have physical access to your machine, a traditional password probably isn’t going to cut it either. This provides the same kind of “guy walking by” protection as traditional passwords do. OK, maybe less... but still. Maybe this will actually push people towards more secure auth for serious things by highlighting how insecure a basic password is.

    All that said, I think it’s a pretty stupid feature ;p

  • by DrEldarion (114072) on Thursday December 22, 2011 @06:41PM (#38465764)

    Of course it's not "very good" security. Neither is Android's face unlock. Neither are PINs. Neither are passwords. etc. etc. etc.

    The whole point of things like this is that they're better than no security and that people will actually use them. You can have the best security setup in the world, but if users never enable it because it's too much of a pain in the ass, then it's worthless.

    • by Opportunist (166417) on Thursday December 22, 2011 @07:13PM (#38466062)

      I dare to disagree. Bad security can actually be worse than no security. For more than one reason.

      First, the obvious one: People rely on security and act as if they're protected even though they are in fact not.

      The less obvious one is that a faulty and flawed security mechanism actually offers another attack vector. To use an example from a real security problem, imagine a door without a lock and no handle, opening to the outside. Without handle or lock, the door cannot be opened from the outside, since there is no way for you to pull at it, and pushing it won't do you any good. And a good, solid oak door is quite hard to bash in. Add a lock and you not only offer a point where an attacker can actually put a hook, you also have to weaken the door to apply the lock. If the lock is now flawed and easy to pick, you actually lowered the security of the door by adding a lock.

      It's the same with flawed IT security mechanisms.

      • by bherman (531936) on Thursday December 22, 2011 @07:28PM (#38466194)
        Taking your analogy a bit further... While you may have a more secure door without the lock, you also have what is commonly referred to as a wall. Without a way to use the door it is no longer serving its intended purpose. The most secure computer is one that is not on a network and cannot be physically accessed. Once you actually need to access it you are now weighing the tradeoff between usability and security. The picture password is intended to provide a way for users who wouldn't otherwise protect their device with a low impact way of doing so.
      • by Endo13 (1000782) on Thursday December 22, 2011 @07:45PM (#38466374)

        Your door analogy is fundamentally flawed, because the user has to get in some way, otherwise the house (or PC) is useless. The same applies to both. On the house, sure that particular door is difficult to break into because you can't open it from the outside. But somewhere on another wall there's another door that can be opened from the outside, and will have traditional security measures.

        That's the whole point of security - to allow authorized entry while making it difficult for unauthorized entry. Your suggestion of making entry impossible is mind-bogglingly stupid in this context.

        • by cbhacking (979169)

          Also, you're clearly not thinking about it enough. A suction cup will easily allow you to pull the door toward you. Security through obfuscation ("I can't figure out how to pull this door open, there's no handle!" or "I can't figure out how to decrypt this file; it's a custom crypt algorithm!") is about as useful as its name sounds. Anybody who bothers to really try will probably find more weaknesses in the method you used than in the well-known and widely-tested techniques.

      • Yes, you are correct. Things are more secure when they are inaccessible. Also, cars are less likely to be stolen when they have no tires or engines.
      • by waveclaw (43274)

        Bad security can actually be worse than no security.

        These types of arguments tend to run on one of two lines: people trusting that which they shouldn't and examples of simple broken systems.

        There is nothing you can do about people trusting systems they shouldn't. Houses have many ways in that are usually easier to open with tools than the doors. Windows are used for entry because you only need a fist to break most. Walls are just as easy with power tools. It's the social contract between people that prevents this type of security problem. Locks on you

    • by AngryDeuce (2205124) on Thursday December 22, 2011 @07:13PM (#38466066)

      Exactly. The weakest point in any security system will always be the user, and unfortunately, the user is the hardest weakness to combat.

      Consider forcing password changes at certain intervals: 99% of the time, the new password is the same as the old one with a variation of a single character; e.g., "Flower" becomes "Flower1". Then, next time there's a forced password change, they just set it right the hell back to "Flower", or go up to "Flower2".

      Then there's the systems where the password is provided, usually gibberish alphanumeric of a certain character length. Nobody can remember that shit, so what does everyone do? Write it the hell down somewhere, or store it in a text file; usually fucking called "Passwords", because people are retards.

      No matter how elaborate your security is, the user will find a way to fuck it up. A door won't be closed, a document won't be shredded, a workstation won't be locked, a security protocol won't be followed, and it's always for the sake of the user's convenience. The more of a pain in the ass it is, the more likely it will be compromised by laziness on the part of the user. That's just how people are; not all of them, but a lot of them.

      I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.

      • You clearly forgot QWERTY and ASDFG!

      • by ghostdoc (1235612) on Thursday December 22, 2011 @08:34PM (#38466778)

        That's just how people are; not all of them, but a lot of them.

        I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.

        Since clearly most people are not retarded, but are using the system as if they are retarded, then the system is the problem. Blaming the users is pointless, you're not going to get better human beings to use your system, so you've got to change the system.

        As XKCD and many others have pointed out, we have a pointlessly hard method of specifying passwords...if it's 'strong' it can't be easily remembered, and will be written down or re-used on multiple occasions. If it's easy to remember then it's easy to guess. In other words, we have a system that is easy for computers to implement, but hard for humans to use.

        There must, surely, be better ways of doing this that work with the way the human brain works to encourage stronger security. After all, it's a lot easier to change the security implementation than it is to change the human brain. We need to find a better system and not just stick with the current broken one and blame the users for being retards.

        I'm glad someone is trying something different that might make security better.

        • Since clearly most people are not retarded...

          Excuse me, but that is not clear at all.

        • by Ambvai (1106941)

          I pick decently long and complex phrases that I already remember as my passwords. Song titles are a pretty good pick: TheGirlFromIpanema is decently long, already memorized, easy enough to read off to somebody else if necessary and has a few obvious mutations if needed for subsequent incarnations.
          *Disclaimer: Not good for all songs. I believe 'If' was a #1 song in the 70s...

        • by arose (644256)
          While I generally agree, I don't think passwords really are that hard to memorize. People routinely remember telephone numbers for example. I believe the reason we are seeing a problem with passwords/passphrases is twofold: there is the usual brain shutdown that people experience with computers even if they routinely deal with much more complex things and there is the fact that they don't get to train it. Make a system where the user can practice entering the password a few times before they actually have t
      • You know why people use stupid passwords like 1234 and abcd? Because it's only reasonable. My laptop's password is 'yo'. It lets me log in or unlock quickly and still doesn't allow my roommate to snoop around in my laptop. That's it! That's all the security I need, that nobody can post shit from my facebook account. There's no secret data I'm carrying around.

    • by Tom (822)

      "good" is a relative measure. A code of 4 numbers can be good security for your garden shed, and passwords are entirely sufficient for most stuff online (really, how much security do your various forum accounts need? What's the threat level?).

      Yes, making security hard is the wrong approach, it does make people circumvent it. No, dumbing it down so they use it, but it doesn't really provide any security anymore is the wrong answer, because it generates a false sense of security, and that is much worse than h

  • by Piata (927858) on Thursday December 22, 2011 @06:42PM (#38465776)
    I could unlock my friend's Android phone just by studying the smudge patterns on the touchscreen. I imagine this would be just as easy.
    • I've always wondered why Android's grid unlock function didn't allow a 'cell' to be hit more than once. ThrottleLock - a lock screen 'app' for Windows Mobile - does allow this.

      In addition, you would fail miserably with my pattern, even though it's only three swipes, because although you can't hit a 'cell' more than once, you can certainly swipe over it more than once - but you'd need more than a cursory glance at the light reflecting off of it to figure that one out.

      Plus this would only really work well if

    • Not if they used this [socialtimes.com]
    • by Mia'cova (691309)

      Directional gestures like drawing lines and circles are a lot harder to figure out based on the smudges. You still only get max 5 attempts before the device self-destructs the decryption keys to its data. So even if you can see the exact smudges from the login perfectly, you're still unlikely to guess right with both order and direction.

    • by tftp (111690)

      So you want to break into a tablet that belongs to your boss. He leaves the tablet on the desk but it's always locked. Here is the procedure.

      When the boss walks away, clean the tablet and put it back. Wait until he returns and starts using it. Wait until he is distracted by something and walks away again. Look at the smudges. If not enough, wipe and repeat. The unlock pattern will be always there, unlike other random touches.

      One way to plug this hole would be by using a numeric PIN and a numeric on-scr

    • by cbhacking (979169)

      Trivial to mitigate. Each time the image is shown, crop it a little differently and show it on a different part of the screen. Maybe even scale it or rotate it. Win8 implements at least a few of these mitigations.

  • by mmell (832646) <mmell@hotmail.com> on Thursday December 22, 2011 @06:51PM (#38465844)
    "Something you have, something you know and something you are. Pick two out of three."

    Hence, RSA tokens + passwords (something you have + something you know)

    Smart cards + biometrics (not perfect, but something you have + something you are)

    Or even all three, for the truly paranoid (smart card + biometric scan + password)

    Even with all three, a sufficiently determined entity with sufficient resources can overcome it. Video recording + physical acquisition of the owned object + physical acquisition of the biometric object (hope it's just a fingerprint scan and not a retinal scan!) will get an intruder past the security trifecta.

    What next, DNA + mind scan + a password > 512 bytes?

    • by Anrego (830717) * on Thursday December 22, 2011 @06:55PM (#38465906)

      It has to scale to the requirement for security.

      My slashdot account doesn't need three factor authentication, however I wish my bank would have at least 2 (seriously, I've yet to find any banks in Canada, let alone my province (Nova Scotia) that offer something beyond a password. The hell!).

      • by Tom (822)

        Mobile TANs are a relative of two-factor authentication, as they employ a secondary channel to transmit the TAN. You could say it's something you know (the password or PIN you needed to set up the transaction) and something you have (the phone that gets the SMS with the TAN), but that's a simplification.

      • You can compensate for password only by using randomly generated long passwords and save them with a program like Roboform so you don't have to remember or type them in.

        http://www.roboform.com/ [roboform.com]

        • by Mashiki (184564)

          That's nice. But even Canada's largest bank only allows passwords 12 characters in length, and you can only use alphanumerics.

    • Every time I read something like this, Monkey Island and the escape from the cannibals comes to mind. People secure their door with ever increasingly complicated locks and ignore the fact that the burglar might just come through the wall.

      Seriously, I've had more audits where it was easier to just ignore the login procedure and punch a hole into the "wall".

    • by PNutts (199112)

      "Oprah, Barbara Walters, your wife. You gotta fuck one, marry one, kill one, go!"
      Hence...

      Fixed that for 'ya.

  • by HideyoshiJP (1392619) on Thursday December 22, 2011 @06:52PM (#38465866)
    For only $99.95, you can buy our three factor authentication software for one year! That's right, keep criminals from stealing your digital camera pictures of your cat for a nominal fee! I'm willing to bet this picture security is no less secure than typing on a keyboard that's visible on the screen and combining it with the screen smudges. Domains probably won't use this authentication anyway, or at least it'll be optional.
    • by cbhacking (979169)

      It can be blocked using Group Policy, yes.

      (Seriously, does anybody bother to do even a little research before commenting? This was announced months ago!!)

  • by DanLake (543142) <slashdot&lakepage,com> on Thursday December 22, 2011 @06:52PM (#38465872)

    So QUERTY becomes "Head, Shoulders, Knees and Toes". I'm guessing in many cases that the picture itself would suggest how it was to be interacted with.

    • by Anonymous Coward on Thursday December 22, 2011 @06:59PM (#38465964)
      How the hell do you typo QWERTY?
      • by doshell (757915)
        I do not use a QWERTY keyboard, you insensitive clod!
      • by dokebi (624663)

        Because I get aoeu when I type ASDF.

      • Re: (Score:3, Interesting)

        by DanLake (543142)

        How the hell do you typo QWERTY?

        Good question and thank you kind AC for pointing it out. I guess it happened because my fingers don't willingly type misspelled words and I type 'query' about a million times more often than I type qwerty.

      • by Daimanta (1140543)

        How the hell do you typo QWERTY?

        ASDFG

    • That could work if you had pictures with multiple objects. Something like cat-ball-car ... But you would need some crowd sourcing to generate the data. Or use something like Settlers of Catan pieces, or Magic: The Gathering cards. Click 3 roads or 5 mana symbols.

      Bonus points if you built a modular system.. So people can make their own image packs... Allowing for more "inside jokes".

  • by jelwell (2152) on Thursday December 22, 2011 @06:57PM (#38465936)

    Has he even tried this? I can't reliably login using the picture password setting, and I'm the one that set up the "password". I'm not convinced a video recording would suffice. I could, just as easily, video record your keyboard from a distance, but that's not going to net you my password very reliably either. Not unless you're a chicken pecker.
    Joseph Elwell.

  • by Opportunist (166417) on Thursday December 22, 2011 @06:59PM (#38465958)

    You remember the passwords of the old days that your users had? That were the names of their loved ones, their birthday or the ever popular "test", "password" and "12345"?

    Guess what, they'll get a revival. For the same damn reason: People have no idea about security and they don't give a fuck about it. They prefer easy to remember passwords to secure ones. Just that with picture passwords, unlike standard typed ones, it's kinda hard to implement password security standards.

    Why is it more insecure than typed passwords? Well, take your average photo. Now imagine what 4 points a person might be touching in it. Can you spot more than 6 "sensible" spots? People will choose points in the picture that stand out, and there won't be many more than 4-6 points that stand out. Unless some kind of 3-strikes-rule gets implemented (not bloody likely on a private computer, or even corporate computers after helpdesk had to reset the password for the n-th time because people failed to hit the right spot on their picture), it just takes rather few attempts at "connect-the-dots" before you find one that fits.

    • by Mia'cova (691309)

      It's for devices with hardware security to enforce a ~5 attempt max and self-destruct the encryption keys. So any phone/tablet pretty much fits the bill. It's not intended for traditional desktop machines. Here's my current background image: http://i.imgur.com/eJqQF.jpg [imgur.com]. I'm pretty sure I can spot more than 6 points of interest.

      • by tftp (111690)

        I'm pretty sure I can spot more than 6 points of interest.

        Yes, if the picture is shown on a 22" LCD.

        However have you seen the iPhone 4S lately? Its screen is so small, compared to your finger, that it's hard to have more than a few unique points that stand out and don't interfere with each other. In your picture, for example, one group of red flowers would be one point, and another group - another point. The tree top could be recruited as yet another point, and that's about all. Other points, even thou

  • Am I the only one that has seen the film adaptation of Johnny Mnemonic? Only government-sponsored dolphins will be able to crack into Windows 8 with this enabled!

  • by PNutts (199112) on Thursday December 22, 2011 @07:11PM (#38466058)

    To be fair he *is* an expert in poor security.

  • I'm sure it'll keep young children out, and keep the prankster in your dorm from loading up your computer with gay porn.
  • hmm (Score:3, Insightful)

    by stevenfuzz (2510476) on Thursday December 22, 2011 @08:23PM (#38466694)
    Wouldn't it be prudent for the inventor of "RSA's SecurID token" to say that basically any security system other than his is ineffective?
  • And here I thought the major problem would be "I'll feel stupid using it." ;)

  • http://cs.dartmouth.edu/~averyyen/CCP/project.pdf [dartmouth.edu]

    But seriously, wouldn't anyone actually coding this system up for production use quickly realize that some points in a picture are going to be chosen more often than others?

  • And that photo of Felicia Day the Slashdotter was using as his security picture? Eleven out of ten security specialists guessed two points on the touch screen in less than a second.

  • by DrXym (126579) on Friday December 23, 2011 @04:59AM (#38469400)
    1. Make the picture fairly small so people are not using pronounced movements to draw on it. i.e. don't fill the screen with the picture, use a part of it so the gestures are smaller.
    2. Distort the picture, e.g. scale, rotate, shear and offset by some random percentage each time so even if you observe the gesture or the smears on screen you cannot exactly reproduce them the next time. Apply a transform to turn the gesture back into coords relative to the original picture.
    3. Go one further and break the picture up into 8 or 9 pieces and while maintaining their relative position offset them from each other by some random spacing.
    4. Don't let users pick the picture. Ship some interesting pictures with lots of points of interest to minimize the chances someone could guess them.
    5. Provide a fallback mode that uses a password

    All of these would help secure picture passwords and protect against snoopers.
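    Added example (not Windows 8 code, and not DrXym's or Mia'cova's own): a small Python sketch of DrXym's point 2, where the picture is drawn through a fresh random scale/rotate/shear/offset on every login and the verifier maps the screen taps back into picture coordinates before comparing them, combined with the ~5-attempt lockout Mia'cova describes. The enrolled points, the 15 px hit radius, the 5-attempt budget and the transform ranges are all assumptions chosen for the example.

```python
"""Per-login picture distortion with an attempt limit.

Added example for DrXym's point 2 (random scale/rotate/shear/offset each
login, gestures mapped back to picture coordinates) and Mia'cova's ~5-attempt
lockout.  Not Windows 8 code; tolerance, attempt count and transform ranges
are assumptions.
"""
import math
import random
from typing import Dict, List, Optional, Tuple

Point = Tuple[float, float]
# Affine transform stored as (a, b, c, d, e, f):
#   screen_x = a*x + b*y + c,   screen_y = d*x + e*y + f
Affine = Tuple[float, float, float, float, float, float]

IDENTITY: Affine = (1.0, 0.0, 0.0, 0.0, 1.0, 0.0)
TOLERANCE_PX = 15.0   # assumed hit radius around each enrolled point
MAX_ATTEMPTS = 5      # assumed, after Mia'cova's "~5 attempt max"


def random_transform(rng: random.Random) -> Affine:
    """Fresh scale/rotate/shear/offset for one login (ranges are assumptions)."""
    s = rng.uniform(0.85, 1.15)                  # scale
    theta = math.radians(rng.uniform(-12, 12))   # rotation
    k = rng.uniform(-0.15, 0.15)                 # shear along x
    tx, ty = rng.uniform(-80, 80), rng.uniform(-80, 80)   # offset, px
    cos, sin = math.cos(theta), math.sin(theta)
    # rotation * shear * scale multiplied out; determinant is s**2, so invertible
    return (s * cos, s * (k * cos - sin), tx,
            s * sin, s * (k * sin + cos), ty)


def apply(t: Affine, p: Point) -> Point:
    a, b, c, d, e, f = t
    x, y = p
    return (a * x + b * y + c, d * x + e * y + f)


def invert(t: Affine) -> Affine:
    """Inverse affine: picture = M^-1 * (screen - offset)."""
    a, b, c, d, e, f = t
    det = a * e - b * d
    ma, mb, md, me = e / det, -b / det, -d / det, a / det
    return (ma, mb, -(ma * c + mb * f), md, me, -(md * c + me * f))


def distance(p: Point, q: Point) -> float:
    return math.hypot(p[0] - q[0], p[1] - q[1])


def matches(enrolled: List[Point], screen_taps: List[Point], session: Affine,
            tolerance: float = TOLERANCE_PX) -> bool:
    """Map this session's screen taps back into picture coordinates and compare
    them, in order, with the enrolled points."""
    if len(screen_taps) != len(enrolled):
        return False
    back = invert(session)
    return all(distance(apply(back, q), p) <= tolerance
               for p, q in zip(enrolled, screen_taps))


def honest_taps(enrolled: List[Point], session: Affine) -> List[Point]:
    """Where the legitimate user taps: the enrolled features as drawn this time."""
    return [apply(session, p) for p in enrolled]


class PictureLogin:
    """Enrolled points in picture coordinates plus the attempt budget.  Each
    session gets its own transform, discarded once the attempt is judged."""

    def __init__(self, enrolled: List[Point], rng: random.Random):
        self.enrolled = list(enrolled)
        self.rng = rng
        self.attempts_left = MAX_ATTEMPTS
        self._session: Optional[Affine] = None

    def is_locked(self) -> bool:
        return self.attempts_left == 0

    def new_session(self) -> Affine:
        """Return the transform the UI must draw the picture through."""
        if self.is_locked():
            raise PermissionError("locked: this is where the keys get wiped")
        self._session = random_transform(self.rng)
        return self._session

    def submit(self, screen_taps: List[Point]) -> bool:
        if self._session is None or self.is_locked():
            return False
        ok = matches(self.enrolled, screen_taps, self._session)
        self._session = None
        self.attempts_left = MAX_ATTEMPTS if ok else self.attempts_left - 1
        return ok


def demo() -> Dict[str, bool]:
    """Constructed walkthrough with three enrolled points."""
    enrolled = [(120.0, 340.0), (610.0, 95.0), (455.0, 520.0)]   # constructed
    login = PictureLogin(enrolled, random.Random(2011))
    session = login.new_session()
    honest = login.submit(honest_taps(enrolled, session))
    # Replay: the taps were filmed while the picture was drawn undistorted.
    # Next time it is drawn 40 px right and 30 px up, so every recorded tap
    # maps back 50 px from its feature and is rejected; tapping the features
    # where they now appear still works.
    shifted: Affine = (1.0, 0.0, 40.0, 0.0, 1.0, -30.0)
    recorded = honest_taps(enrolled, IDENTITY)
    replay = matches(enrolled, recorded, shifted)
    honest_shifted = matches(enrolled, honest_taps(enrolled, shifted), shifted)
    for _ in range(MAX_ATTEMPTS):      # five wrong attempts exhaust the budget
        login.new_session()
        login.submit([])
    return {"honest": honest, "replay": replay,
            "honest_shifted": honest_shifted, "locked": login.is_locked()}


def round_trip_error(seed: int, p: Point = (100.0, 200.0)) -> float:
    """Numerical check that invert() really undoes random_transform()."""
    t = random_transform(random.Random(seed))
    return distance(apply(invert(t), apply(t, p)), p)


if __name__ == "__main__":
    print(demo())
```

    A seeded `random.Random` is used only so the walkthrough is repeatable; a deployment would pass `random.SystemRandom()`. Note what the distortion does and does not buy: a set of raw screen coordinates lifted from a video or from smears is not directly replayable, but an attacker holding the device sees the current distortion too, so someone who can tell which picture features were tapped is unaffected. That is why DrXym's point 4 and Opportunist's "4-6 points that stand out" objection still matter, and why the attempt limit is doing most of the work.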

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner
